angel1987 Posted October 12, 2010 Share Posted October 12, 2010 Here is the code that i am using to accept data and display the data. To accept and add it in database i am using : $comment = $_POST['txtcomment']; $comment = @mysql_real_escape_string($comment); To display the data from DB i am using : $comment = $rowscomment['comment']; <?php echo nl2br($comment); ?> Please help me correct it....... I am still learning PHP. Quote Link to comment Share on other sites More sharing options...
Adam Posted October 12, 2010 Share Posted October 12, 2010 htmlspecialchars - the order is important though, because if you apply htmlspecialchars() after nl2br() you'll convert the br tags to entities too: echo nl2br(htmlspecialchars($comment)); Quote Link to comment Share on other sites More sharing options...
rwwd Posted October 12, 2010 Share Posted October 12, 2010 $comment = mysql_real_escape_string(strip_tags($_POST['txtcomment'])); Rw Quote Link to comment Share on other sites More sharing options...
angel1987 Posted October 12, 2010 Author Share Posted October 12, 2010 Thanks for the answers, htmlspecialchars() worked. But is there anything else that i need to know? Just as an information to prevent issues related to other special characters that might be used for HTML or SQL injections or just to mess with the applications? I need the script to function perfectly, so is there anything i need to add while adding or displaying the data? Thanks again. Quote Link to comment Share on other sites More sharing options...
Faks Posted October 12, 2010 Share Posted October 12, 2010 $comment = trim($_POST['txtcomment']); helps avoiding if somebody trying to screw with empty table spacings and etc related it sow go read Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.